|Category:||Debian Local Security Checks|
|Title:||Debian LTS: Security Advisory for otrs2 (DLA-2198-1)|
|Summary:||The remote host is missing an update for the 'otrs2'; package(s) announced via the DLA-2198-1 advisory.|
The remote host is missing an update for the 'otrs2'
package(s) announced via the DLA-2198-1 advisory.
Several vulnerabilities have been discovered in otrs2 (Open source
Ticket Request System)
Support bundle generated files could contain sensitive information
that might be unwanted to be disclosed.
It's possible to craft Lost Password requests with wildcards in the
Token value, which allows attacker to retrieve valid Token(s),
generated by users which already requested new passwords.
When user downloads PGP or S/MIME keys/certificates, exported file
has same name for private and public keys. Therefore it's possible
to mix them and to send private key to the third-party instead of
'otrs2' package(s) on Debian Linux.
For Debian 8 'Jessie', these problems have been fixed in version
We recommend that you upgrade your otrs2 packages.
Common Vulnerability Exposure (CVE) ID: CVE-2020-1770|
SuSE Security Announcement: openSUSE-SU-2020:0551 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:1475 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:1509 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2020-1772
Common Vulnerability Exposure (CVE) ID: CVE-2020-1774
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.